...
Background:
AD-Sync sometimes removes many users from the FEDERATION_USER_GROUPS table or from the MANAGED_USER_GROUPS table. It happens when removing a group with a lot of users from EW policies or from allowed groups on SharePoint sites, or when changing the group type in the AD (see OLAM case below). The customers do it usually for a short period when they change groups policies. In this short period, it cause to many problems in the adapter (many subscriptions were deleted, etc.)
To fix this issue, we added a new configuration that prevents deleting many users: “MinUsersNotDelete”.
If the AD-Sync should delete managed users that are more than MinUsersNotDelete - he will not delete them and show the following warning instead:
"The number of users that we are going to delete from TABLE_NAME is X, but is bigger than MinUsersNotDelete, it's probably a problem. so we are not deleting them".
...
27/6/22 - This case happened in OLAM because one of the Managed Groups was a changed to Distribution Group and we support only in Security groups. In this case, the AD-Sync not recognised this Distribution group so he want to delete all the users in this group (10K users) from federation/managed user group tables. The protection mechanism was turned on and he prevents this big deletion.